Logstash not capturing SNMP traps from remote machine

Hi,

I have logstash configured with the snmptrap input plugin on a CentOS7 machine. Below is my .conf file, which lives in /etc/logstash/conf.d.

input {
  snmptrap {
    community => "public"
    port => 1062
    type => "snmptrap"
    yamlmibdir => "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/snmp-1.2.0/data/ruby/snmp/mibs"
  }
}

output {
  file {
    codec => "rubydebug"
    flush_interval => 1
    path => "/tmp/logstash-snmptrap.log"
  }
}

With this configuration, and logstash running as a service, it is able to capture the SNMP traps generated locally with the port set to 1062, process them and write them to the log file specified in the output section of my conf file. But the traps that are being created from a remote machine are not being captured and processed. I am able to confirm that the SNMP traps are coming into my logstash server from the tcpdump results on the snmptrap port.

I tried sending traps from the remote machine with the port set to 1062, but they are not being seen by the logstash server in the tcpdump results. Only traps with no port specified in the snmptrap command are seen by the logstash server.

The idea is to set up a logstash server that accepts the SNMP traps from a bunch of remote machines, processes the traps and sends them to Elasticsearch. Currently I am doing a proof of concept to just write to a file.
Below is the snmptrap command that I am using to send from the remote machine. I am using the same command with port 1062 when sending the trap on the local machine.

snmptrap -v 2c -c public x.x.x.x "" enterprises.21865.1.2.100.0.6 enterprises.21865.1.1.1 s 'xxxxxxxxxxx' enterprises.21865.1.1.2 s 'xxxxxxxxxxxx' xxxxxxxxx' enterprises.21865.1.1.4 i 3 enterprises.21865.1.1.5 i 0 enterprises.21865.1.1.6 s 'f96282bd-ce4b-4d50-b56d-55f2d9c891b3 00:0C:29:A6:29:8E :AD:83 {US:-9999}' enterprises.21865.1.1.7 s 'xxxxxxxxxxx' enterprises.21865.1.1.8 s 'Version 10.5.2-1.2021042913333334.CentOS7 Fri 30 Apr 2021 03:04:25 AM EDT' enterprises.21865.1.1.9 s 'Forum Id: NONE' 2>&1

Can someone help?
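An added example, not part of the original post: a minimal SNMPv2c trap builder and decoder in Python that sends the same shape of trap as the snmptrap command above (same enterprises.21865 OIDs, constructed placeholder values) to a chosen host and port, without needing net-snmp on the sending side. The decoder can also be pointed at a UDP payload pulled out of a tcpdump capture to confirm what community string and varbinds actually arrived. The script name, the host/port arguments and the sample values are assumptions for this example.

```python
"""Minimal SNMPv2c trap builder/decoder (added example, not from the post).

Builds the kind of trap the snmptrap command above sends so a test trap can
be fired at the logstash listener from any host with only Python, and decodes
a captured UDP payload so the community string and varbinds can be compared
against the snmptrap input's settings.
"""
import socket
import sys
import time

SNMP_V2C = 1                        # version field value for SNMPv2c
TRAP_V2_TAG = 0xA7                  # context tag [7]: SNMPv2-Trap-PDU
SYSUPTIME_OID = "1.3.6.1.2.1.1.3.0"
SNMPTRAPOID_OID = "1.3.6.1.6.3.1.1.4.1.0"
ENTERPRISES = "1.3.6.1.4.1"         # the "enterprises" prefix used in the post


def _ber_len(n):
    """BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, body):
    return bytes([tag]) + _ber_len(len(body)) + body


def enc_int(value, tag=0x02):
    """Non-negative INTEGER/TimeTicks; the extra byte keeps the sign bit clear."""
    assert value >= 0
    return tlv(tag, value.to_bytes((value.bit_length() + 8) // 8, "big"))


def enc_oid(oid):
    arcs = [int(a) for a in oid.strip(".").split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]            # base-128, high bit set on all but the last
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))


def build_trap(community, trap_oid, varbinds, uptime_ticks=0, request_id=1):
    """SNMPv2c trap: sysUpTime.0 and snmpTrapOID.0 first, then the caller's varbinds.

    varbinds is a list of (oid, value); int -> INTEGER, str -> OCTET STRING.
    """
    vbs = [(SYSUPTIME_OID, enc_int(uptime_ticks, 0x43)),
           (SNMPTRAPOID_OID, enc_oid(trap_oid))]
    for oid, value in varbinds:
        vbs.append((oid, enc_int(value) if isinstance(value, int)
                         else tlv(0x04, value.encode())))
    vbl = tlv(0x30, b"".join(tlv(0x30, enc_oid(o) + v) for o, v in vbs))
    pdu = tlv(TRAP_V2_TAG, enc_int(request_id) + enc_int(0) + enc_int(0) + vbl)
    return tlv(0x30, enc_int(SNMP_V2C) + tlv(0x04, community.encode()) + pdu)


def _read_tlv(buf, pos):
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                   # long form: next N bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def dec_oid(body):
    arcs = [body[0] // 40, body[0] % 40]   # fine for the 1.3.6.1 tree used here
    val = 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def parse_trap(packet):
    """Decode a v2c trap (e.g. the UDP payload of one packet from tcpdump -w)."""
    tag, msg, _ = _read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, ver, pos = _read_tlv(msg, 0)
    _, comm, pos = _read_tlv(msg, pos)
    pdu_tag, pdu, _ = _read_tlv(msg, pos)
    if pdu_tag != TRAP_V2_TAG:
        raise ValueError("not an SNMPv2-Trap PDU (tag 0x%02x)" % pdu_tag)
    pos = 0
    for _ in range(3):                   # request-id, error-status, error-index
        _, _, pos = _read_tlv(pdu, pos)
    _, vbl, _ = _read_tlv(pdu, pos)
    varbinds, pos = [], 0
    while pos < len(vbl):
        _, vb, pos = _read_tlv(vbl, pos)
        _, oid_body, p = _read_tlv(vb, 0)
        vtag, vbody, _ = _read_tlv(vb, p)
        if vtag == 0x06:
            val = dec_oid(vbody)
        elif vtag in (0x02, 0x43):
            val = int.from_bytes(vbody, "big")
        elif vtag == 0x04:
            val = vbody.decode(errors="replace")
        else:
            val = vbody.hex()
        varbinds.append((dec_oid(oid_body), val))
    return {"version": int.from_bytes(ver, "big"),
            "community": comm.decode(errors="replace"), "varbinds": varbinds}


def send_trap(host, port, packet):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(packet, (host, port))


if __name__ == "__main__":
    # Usage: python snmptrap_test.py <logstash-host> [port]   (port defaults to 1062)
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 1062
    pkt = build_trap("public", ENTERPRISES + ".21865.1.2.100.0.6",
                     [(ENTERPRISES + ".21865.1.1.4", 3),       # constructed values
                      (ENTERPRISES + ".21865.1.1.5", 0),
                      (ENTERPRISES + ".21865.1.1.9", "Forum Id: NONE")],
                     uptime_ticks=int(time.monotonic() * 100) & 0xFFFFFFFF)
    send_trap(host, port, pkt)
    print("sent %d bytes to %s:%d -> %s" % (len(pkt), host, port, parse_trap(pkt)))
```

Run it from the remote machine against the logstash host on port 1062 while `tcpdump -ni any udp port 1062` runs on the logstash side. On Linux tcpdump taps packets before the netfilter/firewalld rules see them, so a trap that is absent from the capture never reached the interface and the problem is upstream (sender, routing, an intermediate firewall). A trap that is present in the capture but never reaches the output file was rejected by the listener, and the first thing to compare is the community: the snmptrap input passes its `community` setting to the Ruby snmp gem's TrapListener, which drops traps whose community does not match without logging an event, and `parse_trap` on the captured payload shows exactly which string was sent.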
